<?php

require_once("header.php");

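// Add-comment handler: validates the submitted post id and comment text, then
// inserts one row into `comment` for the logged-in user.
// Relies on header.php for the session and for $db.
// NOTE(review): assumes $db is a PDO handle (the original code called
// rowCount() on the query() result) -- confirm against header.php.
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether
// header.php enforces one for state-changing POST requests.
if ( ($_SESSION['logon'] ?? null) !== true ) {

	echo 'Login first';

} else {

	// Missing fields fall back to '' so they fail validation below instead of
	// raising an undefined-index warning.
	$postid = $_POST['postid'] ?? '';
	$content = $_POST['newcommentcontent'] ?? '';

	// Array-valued parameters (postid[]=...) must be rejected before they
	// reach preg_match(). \z anchors at the very end of the string; a plain
	// `$` would also accept a value that ends in a newline.
	if ( !is_string($postid) || !preg_match('/^[0-9]+\z/', $postid) ) {
		echo 'Please choose post';
		exit(0);
	}
	// Same pattern as before: 5-500 bytes, with no line break inside the text
	// (the pattern has no `u` or `s` modifier).
	if ( !is_string($content) || !preg_match("/^.{5,500}$/", $content) ) {
		echo 'Please input content(5-500)';
		exit(0);
	}

	// insert new comment
	// Values are bound as parameters rather than concatenated into the SQL
	// text. addslashes() is not a reliable SQL escape (it is unaware of the
	// connection character set), so it is no longer used.
	// The text is stored exactly as submitted; it must be HTML-escaped where
	// it is rendered.
	$stmt = $db->prepare(
		'Insert Into comment(post_id, user_id, content, comment_time) values(?, ?, ?, ?)'
	);
	$inserted = $stmt !== false
		&& $stmt->execute([$postid, $_SESSION['user_id'], $content, date('Y-m-d H:i:s')])
		&& $stmt->rowCount() > 0;

	// A failed prepare/execute now reports "database error" instead of
	// ending in a fatal error on a non-object.
	if ( $inserted ) {

		echo "OK";

	} else {

		echo "database error";

	}

}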


?>